1 files changed, 530 insertions, 0 deletions
diff --git a/lib/shadow.c b/lib/shadow.c
new file mode 100644
index 0000000..b628b65
--- /dev/null
+++ b/lib/shadow.c
@@ -0,0 +1,530 @@
+/*
+ * SPDX-FileCopyrightText: 1989 - 1994, Julianne Frances Haugh
+ * SPDX-FileCopyrightText: 1996 - 1998, Marek Michałkiewicz
+ * SPDX-FileCopyrightText: 2003 - 2005, Tomasz Kłoczko
+ * SPDX-FileCopyrightText: 2009       , Nicolas François
+ *
+ * SPDX-License-Identifier: BSD-3-Clause
+ */
+
+#include <config.h>
+
+/* Newer versions of Linux libc already have shadow support.  */
+#ifndef HAVE_GETSPNAM
+
+#ident "$Id$"
+
+#include <sys/types.h>
+#include "prototypes.h"
+#include "defines.h"
+#include <stdio.h>
+#ifdef	USE_NIS
+static bool nis_used;
+static bool nis_ignore;
+static enum { native, start, middle, native2 } nis_state;
+static bool nis_bound;
+static char *nis_domain;
+static char *nis_key;
+static int nis_keylen;
+static char *nis_val;
+static int nis_vallen;
+
+#define	IS_NISCHAR(c) ((c)=='+')
+#endif
+
+static FILE *shadow;
+
+#define	FIELDS	9
+#define	OFIELDS	5
+
+#ifdef	USE_NIS
+
+/*
+ * __setspNIS - turn on or off NIS searches
+ */
+
+void __setspNIS (bool flag)
+{
+	nis_ignore = !flag;
+
+	if (nis_ignore) {
+		nis_used = false;
+	}
+}
+
+/*
+ * bind_nis - bind to NIS server
+ */
+
+static int bind_nis (void)
+{
+	if (yp_get_default_domain (&nis_domain)) {
+		return -1;
+	}
+
+	nis_bound = true;
+	return 0;
+}
+#endif
+
+/*
+ * setspent - initialize access to shadow text and DBM files
+ */
+
+void setspent (void)
+{
+	if (NULL != shadow) {
+		rewind (shadow);
+	}else {
+		shadow = fopen (SHADOW_FILE, "r");
+	}
+
+#ifdef	USE_NIS
+	nis_state = native;
+#endif
+}
+
+/*
+ * endspent - terminate access to shadow text and DBM files
+ */
+
+void endspent (void)
+{
+	if (NULL != shadow) {
+		(void) fclose (shadow);
+	}
+
+	shadow = (FILE *) 0;
+}
+
+/*
+ * my_sgetspent - convert string in shadow file format to (struct spwd *)
+ */
+
+static struct spwd *my_sgetspent (const char *string)
+{
+	static char spwbuf[BUFSIZ];
+	static struct spwd spwd;
+	char *fields[FIELDS];
+	char *cp;
+	int i;
+
+	/*
+	 * Copy string to local buffer.  It has to be tokenized and we
+	 * have to do that to our private copy.
+	 */
+
+	if (strlen (string) >= sizeof spwbuf)
+		return 0;
+	strcpy (spwbuf, string);
+
+	cp = strrchr (spwbuf, '\n');
+	if (NULL != cp)
+		*cp = '\0';
+
+	/*
+	 * Tokenize the string into colon separated fields.  Allow up to
+	 * FIELDS different fields.
+	 */
+
+	for (cp = spwbuf, i = 0; *cp && i < FIELDS; i++) {
+		fields[i] = cp;
+		while (*cp && *cp != ':')
+			cp++;
+
+		if (*cp)
+			*cp++ = '\0';
+	}
+
+	if (i == (FIELDS - 1))
+		fields[i++] = cp;
+
+	if ((cp && *cp) || (i != FIELDS && i != OFIELDS))
+		return 0;
+
+	/*
+	 * Start populating the structure.  The fields are all in
+	 * static storage, as is the structure we pass back.  If we
+	 * ever see a name with '+' as the first character, we try
+	 * to turn on NIS processing.
+	 */
+
+	spwd.sp_namp = fields[0];
+#ifdef	USE_NIS
+	if (IS_NISCHAR (fields[0][0])) {
+		nis_used = true;
+	}
+#endif
+	spwd.sp_pwdp = fields[1];
+
+	/*
+	 * Get the last changed date.  For all of the integer fields,
+	 * we check for proper format.  It is an error to have an
+	 * incorrectly formatted number, unless we are using NIS.
+	 */
+
+	if (fields[2][0] == '\0') {
+		spwd.sp_lstchg = -1;
+	} else {
+		if (getlong (fields[2], &spwd.sp_lstchg) == 0) {
+#ifdef	USE_NIS
+			if (nis_used) {
+				spwd.sp_lstchg = -1;
+			} else
+#endif
+				return 0;
+		} else if (spwd.sp_lstchg < 0) {
+			return 0;
+		}
+	}
+
+	/*
+	 * Get the minimum period between password changes.
+	 */
+
+	if (fields[3][0] == '\0') {
+		spwd.sp_min = -1;
+	} else {
+		if (getlong (fields[3], &spwd.sp_min) == 0) {
+#ifdef	USE_NIS
+			if (nis_used) {
+				spwd.sp_min = -1;
+			} else
+#endif
+			{
+				return 0;
+			}
+		} else if (spwd.sp_min < 0) {
+			return 0;
+		}
+	}
+
+	/*
+	 * Get the maximum number of days a password is valid.
+	 */
+
+	if (fields[4][0] == '\0') {
+		spwd.sp_max = -1;
+	} else {
+		if (getlong (fields[4], &spwd.sp_max) == 0) {
+#ifdef	USE_NIS
+			if (nis_used) {
+				spwd.sp_max = -1;
+			} else
+#endif
+				return 0;
+		} else if (spwd.sp_max < 0) {
+			return 0;
+		}
+	}
+
+	/*
+	 * If there are only OFIELDS fields (this is a SVR3.2 /etc/shadow
+	 * formatted file), initialize the other field members to -1.
+	 */
+
+	if (i == OFIELDS) {
+		spwd.sp_warn   = -1;
+		spwd.sp_inact  = -1;
+		spwd.sp_expire = -1;
+		spwd.sp_flag   = SHADOW_SP_FLAG_UNSET;
+
+		return &spwd;
+	}
+
+	/*
+	 * Get the number of days of password expiry warning.
+	 */
+
+	if (fields[5][0] == '\0') {
+		spwd.sp_warn = -1;
+	} else {
+		if (getlong (fields[5], &spwd.sp_warn) == 0) {
+#ifdef	USE_NIS
+			if (nis_used) {
+				spwd.sp_warn = -1;
+			} else
+#endif
+			{
+				return 0;
+			}
+		} else if (spwd.sp_warn < 0) {
+			return 0;
+		}
+	}
+
+	/*
+	 * Get the number of days of inactivity before an account is
+	 * disabled.
+	 */
+
+	if (fields[6][0] == '\0') {
+		spwd.sp_inact = -1;
+	} else {
+		if (getlong (fields[6], &spwd.sp_inact) == 0) {
+#ifdef	USE_NIS
+			if (nis_used) {
+				spwd.sp_inact = -1;
+			} else
+#endif
+			{
+				return 0;
+			}
+		} else if (spwd.sp_inact < 0) {
+			return 0;
+		}
+	}
+
+	/*
+	 * Get the number of days after the epoch before the account is
+	 * set to expire.
+	 */
+
+	if (fields[7][0] == '\0') {
+		spwd.sp_expire = -1;
+	} else {
+		if (getlong (fields[7], &spwd.sp_expire) == 0) {
+#ifdef	USE_NIS
+			if (nis_used) {
+				spwd.sp_expire = -1;
+			} else
+#endif
+			{
+				return 0;
+			}
+		} else if (spwd.sp_expire < 0) {
+			return 0;
+		}
+	}
+
+	/*
+	 * This field is reserved for future use.  But it isn't supposed
+	 * to have anything other than a valid integer in it.
+	 */
+
+	if (fields[8][0] == '\0') {
+		spwd.sp_flag = SHADOW_SP_FLAG_UNSET;
+	} else {
+		if (getulong (fields[8], &spwd.sp_flag) == 0) {
+#ifdef	USE_NIS
+			if (nis_used) {
+				spwd.sp_flag = SHADOW_SP_FLAG_UNSET;
+			} else
+#endif
+			{
+				return 0;
+			}
+		} else if (spwd.sp_flag < 0) {
+			return 0;
+		}
+	}
+
+	return (&spwd);
+}
+
+/*
+ * fgetspent - get an entry from a /etc/shadow formatted stream
+ */
+
+struct spwd *fgetspent (FILE * fp)
+{
+	char buf[BUFSIZ];
+	char *cp;
+
+	if (NULL == fp) {
+		return (0);
+	}
+
+#ifdef	USE_NIS
+	while (fgets (buf, (int) sizeof buf, fp) != (char *) 0)
+#else
+	if (fgets (buf, (int) sizeof buf, fp) != (char *) 0)
+#endif
+	{
+		cp = strchr (buf, '\n');
+		if (NULL != cp) {
+			*cp = '\0';
+		}
+#ifdef	USE_NIS
+		if (nis_ignore && IS_NISCHAR (buf[0])) {
+			continue;
+		}
+#endif
+		return my_sgetspent (buf);
+	}
+	return 0;
+}
+
+/*
+ * getspent - get a (struct spwd *) from the current shadow file
+ */
+
+struct spwd *getspent (void)
+{
+#ifdef	USE_NIS
+	int nis_1_user = 0;
+	struct spwd *val;
+#endif
+	if (NULL == shadow) {
+		setspent ();
+	}
+
+#ifdef	USE_NIS
+      again:
+	/*
+	 * See if we are reading from the local file.
+	 */
+
+	if (nis_state == native || nis_state == native2) {
+
+		/*
+		 * Get the next entry from the shadow file.  Return NULL
+		 * right away if there is none.
+		 */
+
+		val = fgetspent (shadow);
+		if (NULL == val)
+			return 0;
+
+		/*
+		 * If this entry began with a NIS escape character, we have
+		 * to see if this is just a single user, or if the entire
+		 * map is being asked for.
+		 */
+
+		if (IS_NISCHAR (val->sp_namp[0])) {
+			if (val->sp_namp[1])
+				nis_1_user = 1;
+			else
+				nis_state = start;
+		}
+
+		/*
+		 * If this isn't a NIS user and this isn't an escape to go
+		 * use a NIS map, it must be a regular local user.
+		 */
+
+		if (nis_1_user == 0 && nis_state != start)
+			return val;
+
+		/*
+		 * If this is an escape to use an NIS map, switch over to
+		 * that bunch of code.
+		 */
+
+		if (nis_state == start)
+			goto again;
+
+		/*
+		 * NEEDSWORK.  Here we substitute pieces-parts of this entry.
+		 */
+
+		return 0;
+	} else {
+		if (!nis_bound) {
+			if (bind_nis ()) {
+				nis_state = native2;
+				goto again;
+			}
+		}
+		if (nis_state == start) {
+			if (yp_first (nis_domain, "shadow.bynam", &nis_key,
+			              &nis_keylen, &nis_val, &nis_vallen)) {
+				nis_state = native2;
+				goto again;
+			}
+			nis_state = middle;
+		} else if (nis_state == middle) {
+			if (yp_next (nis_domain, "shadow.bynam", nis_key,
+			             nis_keylen, &nis_key, &nis_keylen,
+			             &nis_val, &nis_vallen)) {
+				nis_state = native2;
+				goto again;
+			}
+		}
+		return my_sgetspent (nis_val);
+	}
+#else
+	return (fgetspent (shadow));
+#endif
+}
+
+/*
+ * getspnam - get a shadow entry by name
+ */
+
+struct spwd *getspnam (const char *name)
+{
+	struct spwd *sp;
+
+#ifdef	USE_NIS
+	static char save_name[16];
+	bool nis_disabled = false;
+#endif
+
+	setspent ();
+
+#ifdef	USE_NIS
+	/*
+	 * Search the shadow.byname map for this user.
+	 */
+
+	if (!nis_ignore && !nis_bound) {
+		bind_nis ();
+	}
+
+	if (!nis_ignore && nis_bound) {
+		char *cp;
+
+		if (yp_match (nis_domain, "shadow.byname", name,
+		              strlen (name), &nis_val, &nis_vallen) == 0) {
+
+			cp = strchr (nis_val, '\n');
+			if (NULL != cp) {
+				*cp = '\0';
+			}
+
+			nis_state = middle;
+			sp = my_sgetspent (nis_val);
+			if (NULL != sp) {
+				strcpy (save_name, sp->sp_namp);
+				nis_key = save_name;
+				nis_keylen = strlen (save_name);
+			}
+			endspent ();
+			return sp;
+		} else {
+			nis_state = native2;
+		}
+	}
+#endif
+#ifdef	USE_NIS
+	/*
+	 * NEEDSWORK -- this is a mess, and it is the same mess in the
+	 * other three files.  I can't just blindly turn off NIS because
+	 * this might be the first pass through the local files.  In
+	 * that case, I never discover that NIS is present.
+	 */
+
+	if (nis_used) {
+		nis_ignore = true;
+		nis_disabled = true;
+	}
+#endif
+	while ((sp = getspent ()) != (struct spwd *) 0) {
+		if (strcmp (name, sp->sp_namp) == 0) {
+			break;
+		}
+	}
+#ifdef	USE_NIS
+	if (nis_disabled) {
+		nis_ignore = false;
+	}
+#endif
+	endspent ();
+	return (sp);
+}
+#else
+extern int errno;		/* warning: ANSI C forbids an empty source file */
+#endif
+